Data Protection Statement of Canyon Bicycles GmbH

Canyon Bicycles GmbH (hereinafter called CANYON) is pleased that you are visiting our website. Data protection and data safety while using our website are very important for us. Therefore, we would like to inform you at this point about which of your personal data we record at the time of your visit to our website and for what purposes these data are used.

Since changes in laws or changes in our internal company processes may make adjustment of this data protection statement necessary, we ask you to read through this data protection statement regularly. The data protection statement can be called up on the data protection navigation area on our website, stored, and printed out at any time.

§ 1 Responsible party and scope of validity

The responsible party in the sense of the EU General Data Protection Regulation (hereinafter GDPR) and other national data protection laws of the member states as well as other legal data protection specifications is:

This data protection statement is valid for the internet offer of Canyon Bicycles GmbH, which can be found at the domain www.canyon.com as well as the different subdomains (hereinafter called “our website”).

§ 3 Data processing principles

All items of information that refer to an identified or identifiable natural person are personal data. For example, this includes information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address or the user behaviour. Information, with which we can make no reference (or only with a disproportionately large expense) to your person, e.g. by anonymising the information, is not personal data. The processing of personal data (for example, collecting, questioning, using, storing, or transmitting) always requires a legal basis or your consent. Processed personal data are erased as soon as the purpose of the processing has been achieved and legally stipulated retention obligations are no longer in effect.

If we process your personal data for preparing specific offers, we will subsequently inform you concerning the specific procedures, the scope, and the purpose of the data processing, the legal basis for the processing and the respective storage duration.

§ 4 Individual processing procedures

1. Preparing and using the website

a. Type and scope of the data processing

In the case of calling up and using our website, we collect the personal data automatically, which your browser transmits to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following data, which are technically necessary for us, in order to display our website to you and to assure the stability and reliability.

IP address of the requesting computer,

Date and time of the access,

Name and URL of the requested file,

Website, from which the access takes place (referrer URL),

Browser used, terminal used, and, if appropriate, the operating system as well as the name of your access provider

b. Legal basis

Article 6, paragraph 1, letter 1 GDPR serves as the legal basis for the specified data processing. The processing of the specified data is necessary for preparing a website and thus serves for supporting a justified interest of our company.

c. Storage duration

As soon as the specified data are no longer necessary for displaying the website, they are erased. The recording of the data for preparing the website and the storage of the data in logfiles is absolutely required for the operation of the internet page. Consequently, there is no possibility of objection on the part of the user. Further storage can take place in individual cases, if this is legally stipulated.

2. Goods purchase

a. Type and scope of the data processing

On our internet page, we offer users the possibility of purchasing goods with the specification of personal data, The data required for this are input into an input mask and transmitted to us and stored. Transfer of the data to third parties does not take place. The following data are collected within the framework of the ordering procedure:

Salutation

Name

Address

Telephone number

Email address

Payment information

Type of shipping

Your data are transferred to the shipping company in charge of the delivery, in so far as this is necessary for delivery of the goods. For transacting payments, we transfer your payment data to the financial institution entrusted with the payment. That company may only use your data for contract settlement and not for other purposes.

If you purchase goods on our internet page and enter your email address at that time, it may be used subsequently by us for sending a newsletter for our own similar goods or services.

b. Legal basis

In processing your personal data (cf. § 4 3. a.) that are required for fulfilling a purchase agreement concluded with us, Art. 6, paragraph 1, letter b GDPR serves as the legal basis. This also applies for processing procedures that are required for carrying out pre-contractual measures.

c. Storage duration

With complete settlement of the agreement and complete purchase price payment, your data are stored for further use and erased after expiry of the legal tax and commercial law retention periods, if you have not expressly agreed to the further use of your data. Further storage can take place in individual cases, if this is legally stipulated.

3. Newsletter

a. Type and scope of the data processing

On our internet page, we offer users the possibility of purchasing goods with the specification of personal data, The data required for this are input into an input mask and transmitted to us and stored. Transfer of the data to third parties does not take place. The following data are collected within the framework of the ordering procedure:

Salutation

Email address

Date of birth

Bicycle category of interest

News category of interest

No transfer of your data to third parties takes place in connection with the sending of the newsletter.

We use the so-called double opt-in method for sending the newsletter, that is, we will send you the newsletter only if you confirm your request beforehand via a confirmation email sent to you for this purpose per link contained therein. Thus, we want to make sure that only you can subscribe to the newsletter yourself as holder of the indicated email address. Your confirmation concerning this must take place soon after receiving the confirmation email, since otherwise your newsletter subscription is automatically erased from our database

b. Legal basis

The processing of your email address, salutation, your date of birth, and the bicycle and news category of interest for you for sending the newsletter is based on Article 6, paragraph 1, letter a GDPR on the consent statement issued by you on the basis of a double opt-in.

c. Storage duration

Your email address is stored as long as you have subscribed to the newsletter. After cancellation of sending the newsletter, your email address is erased. Further storage can take place in individual cases, if this is legally stipulated.

4. Contact form

a. Type and scope of the data processing

On our website we invite you to get in contact with us via a prepared form. Within the framework of the procedure of sending your inquiries via the contact form, reference is made to this data protection statement for obtaining your consent. If you make use of the contact form, the following personal data from you are processed via the contact form.

Name

Email address

The specification of your email address is so that your inquiry can be associated with you and that you can be answered. If the contact form is used, your personal data will not be transferred to third parties.

b. Legal basis

The previously (cf. § 4 5. a.) described data processing for the purpose of making contact takes place according to Article 6, paragraph 1, letter a GDPR on the consent statement voluntarily made by you below:

Consent statement:

With the entry of my data and the confirmation of the “send” button, I declare my consent that my email address and my name will be used for answering my contact inquiry.

I can revoke the consent for the acquisition of the personal data acquired during the request procedure at any time.

c. Storage duration

As soon as the inquiry made by you has been dealt with, and the matter concerned is finally clarified, your personal data processed via the contact form will be erased. Further storage can take place in individual cases, if this is legally stipulated.

§ 5 Transfer of data

We transfer your personal data to third parties only if:

You have granted your express consent for this in accordance with Article 6, paragraph 1, sentence 1, letter a GDPR,

this is legally permissible and required for fulfilling a contractual relationship with you in accordance with Article 6, paragraph 1, sentence 1, letter b GDPR,

if there is a legal obligation for the transfer in accordance with Article 6, paragraph 1, sentence 1, letter c GDPR,

the transfer is required in accordance with Article 6, paragraph 1, sentence 1, letter f GDPR for supporting justified company interests as well as for enforcing, exercising, or defending legal claims and there is no basis for the assumption that you have an overwhelming interest in non-transfer of your data that is worthy of protection.

§ 6 Use of cookies

a. Type and scope of the data processing

We use cookies on our website. Cookies are small files, which are sent by us to the browser of your terminal and stored there within the framework of your visit to our internet pages. Some functions of our internet site cannot be offered without the use of technically necessary cookies. Other cookies allow us to perform different analyses. For example, cookies are capable of re-recognising the browser used by you in case of another visit to our website and to transmit different information to us. By means of cookies we can, among other things, configure our internet offering for you in a more user-friendly and effective way, for example, by understanding your use of our website and determining your preferred settings (for example, country and language settings). Insofar as third parties process information via cookies, they acquire the information directly via your browser. Cookies cause no damage to your terminal. They cannot execute any programs and contain no viruses.

Different kinds of cookies are used on our website, the kind and function of which will be explained in detail below.

Type:

Transient cookies, which are automatically erased as soon as you close your browser, are used on our website. This kind of cookies makes it possible to determine your session ID. In this way, different requests from your browser can be associated with a common session and it is possible for us to re-recognise your terminal at the time of later website visits.

In addition, persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and transmit information to us. The respective storage duration differs from cookie to cookie. You can erase persistent cookies independently via your browser settings.

Function:

Required cookies

These cookies are necessary for technical reasons so that you can visit our website and use functions that we offer. For example, this refers to the following applications: Ordering procedure, payment procedure

Moreover, these cookies contribute to a safer use of the website in according with regulations.

Performance-related cookies

By means of these cookies, it is possible for us to perform an analysis of website use and to improve performance and functionality of our website. For example, they are used to obtain information about how our website is used by visitors, what pages are called up most often or if error messages are displayed on specific pages.

Cookies for marketing and social media

Advertising cookies (of third party suppliers) make it possible to display to you different offers that correspond to your interests. Among other things, the web activities of the users over a long period of time can be determined via these cookies. The cookies possibly recognise you on different terminals that you use.

Furthermore, specific cookies make it possible to build a connection to your social networks and to share content of our website within your networks.

b. Legal basis

Based on the described purposes of use (cf. § 6. a.), the legal basis for the processing of personal data with the use of cookies is in Article 6, paragraph 1, letter f GDPR. If you have granted us your consent for the use of cookies based on information (cookie banner) granted by us on the website, the legality of the use is also guided by Article 6, paragraph 1, letter f GDPR.

c. Storage duration

As soon as the data transmitted to us via cookies for achieving the purposes described above are no longer necessary, this information is erased. Further storage can take place in individual cases, if this is legally stipulated.

d. Configuration of the browser settings

Most browsers are preadjusted so that they accept cookies as a standard procedure. However, you can configure your respective browser so that it only accepts certain cookies or even no longer accepts cookies. However, we inform you that you possibly can no longer use all functions of our website if cookies are deactivated by your browser settings on our website. You can also erase cookies already stored in your browser via your browser settings. Furthermore, it is also possible to adjust your browser so that it informs you before cookies are stored. Since the different browsers can differ in their respective modes of functioning, please take advantage of the respective help menu of your browser for the configuration possibilities. If you wish to have a comprehensive overview of all access by third parties to your internet browser, we recommend that you install plug-ins specially developed for this.

§ 7 Tracking and analysis tools

We use tracking and analysis tools in order to assure continuous optimisation and demand-oriented configuration of our website. By means of tracking measures it is also possible for us to statistically record the use of our website by visitors and to further develop our online offering for you by means of the knowledge obtained in this way. On the basis of these interests, the use of the tracking and analysis tools described below is authorised according to Article 6, paragraph 1, page 1, letter f GDPR. The respective processing purposes and the processed data can also be found in the following description of the tracking and analysis tools.

1. Google Analytics 360

Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountainview, CA 94043 USA (“Google”) is used on this website. Google Analytics uses so-called “cookies”, text files, which are stored on their computer, and which enable an analysis of your use of the website.

The information generated by these cookies, for example concerning time, place, and frequency of your use of this website, are as a rule transmitted to a server of Google in the USA and stored there. In using Google Analytics, it is not excluded that the cookies set by Google Analytics can also record additional personal data in addition to the IP address. We point out to you that Google possibly will transmit this information to third parties, if this is legally stipulated or insofar as third parties process these data on behalf of Google.

The information generated by cookies is used by Google on behalf of the operator of this website in order to evaluate your use of the website, in order to compile reports concerning the website activities, and to furnish the website operator with further data services connected with the website use and the internet use. The IP address transmitted from your browser within the framework of Google Analytics is not transmitted by Google, according to Google’s own information, along with the other data from Google.

You can generally block storage of cookies by a corresponding setting of your browser software; however, we inform you that in this case you may not be able to use all functions of this website in their full scope.

It is not excluded that the cookies set by Google Analytics can record additional personal data in addition to the IP address. In order to prevent information concerning your use of the website from being recorded by Google Analytics and transmitted to Google Analytics, you can download and install a plug-in for your browser under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.This plug-in prevents information concerning your visit to the website from being transmitted to Google Analytics. Another analysis is not prevented by this plug-in.

We inform you that you cannot use the browser plug-in described above in case of a visit to our website via the browser of a mobile device (smartphone or tablet). In case of using a mobile device, you can prevent the recording of your use data by Google Analytics by clicking on the following link: Deactivate Google Analytics.By clicking on this link, a so-called opt-out cookie is set in your browser. This prevents information concerning your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is valid only for this browser and only for this domain. If you erase the cookies in this browser, the opt-out cookie also is erased. Furthermore, in order to prevent the recording by Google Analytics, you must click on the link again. The use of the opt-out cookie is also possible as an alternative to the above plug-in in the case of using the browser on your computer.

In order to provide the best possible protection of your personal data, Google Analytics was expanded on this website by the code “anonymizeIP”. This code causes the last 8 bits of the IP address to be erased and thus your IP address is recorded anonymised (so-called IP masking). In this way, your IP address is basically shortened and thus anonymised by Google already before the transmission within member states of the European Union or in other contracting countries of the Agreement concerning the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a server by Google in the USA and shortened there.

2. Google AdWords

We use the “Google AdWords” technology and, in this case, especially the conversion tracking. Google Conversion Tracking is an analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you click on a display placed by Google, a cookie for the conversion tracking is stored on your PC. The cookies have a validity of 30 days and do not serve for personal identification. If you visit certain pages of our website, and if the cookie has not yet expired, Google and we can detect that you have clicked on a specific display and were passed on to this page. In each case, Google AdWords customers obtain another cookie. Thus, it is not possible to track cookies via the websites of AdWords customers.

The data obtained by means of the conversion cookie serve for creating conversion statistics for AdWords customers that use the conversion tracking. In this way the customers obtain the number of users that have clicked on their display and thereupon were passed on to a page provided with a conversion tracking tag. Of course, they obtain no information, with which the user can be personally identified.

If you do not want to participate in the conversion tracking, you can prevent this by a corresponding setting in your browser, e.g. in the form that an installation of cookies is generally prevented. You can also deactivate cookies for the conversion tracking by setting your browser so that only cookies from the web address “googleadcervices.com” are blocked.

3. Google Remarketing

We use the “Google Remarketing” technology of the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Remarketing places displays for users that have already visited out web pages and online services and have been interested in a specific offer. Within the Google advertising network, it is possible to place targeted and interest-based advertising displays on our page in this way. Google Remarketing uses cookies for this analysis. In this way our visitors can be recognised again as soon as they call up web pages within the Google advertising network. Within the Google advertising network, it is possible to place targeted and interest-based advertising displays that are based on the web pages of the Google advertising network (which also use Google’s remarketing function) previously visited by the visitor.

If you do not want to have targeted, interest-based advertising displayed, you can deactivate the use of cookies by Google for these purposes via the link: https://www.google.de/settings/ads.

After clicking on a social plug-in, the respective service supplier obtains the information that you have visited the corresponding page of our online offer. Please note, that for this you do not have to have a user account with the service concerned or that you are already logged in there. Of course, if you already have a user account with the service supplier concerned and are already logged in this account during the visit to our website, the data acquired by the social plug-in are directly associated with your account. If you do not want the association of your profile with the data supplier, you must log out from your user account before clicking on one of the social plug-ins.

Note that CANYON has no influence if and to what extent the respective service suppliers acquire personal data. Extent, purpose, and storage periods of the respective data collection are unknown to us. Of course, we inform you that it must be assumed that at least the IP address and device-related information are used and recorded via social plug-ins. It is also possible that the respective data suppliers use cookies.

Please obtain the data protection information directly from the website of the respective service concerning the extent and purpose of the data collection by the respective service as well as the further processing and use of your data. There, you will obtain further information concerning your corresponding data protection rights and settings possibilities for protection of your privacy.

2. Xing

A button of the “Xing” network is used on our website. By clicking on this button, a connection to the servers of XING AG (hereinafter “XING”) , with which the “XING button” functions are produced, is established via your browser for the short term. XING stores no personal data from you via calling up of this internet page. In particular, XING stores no IP addresses. Also, no evaluation of your usage behaviour takes place via the use of cookies in connection with the “XING share button”. You can find the respectively current data protection information and supplementary information on this internet page:https://www.xing.com/app/share?op=data_protection and http://www.xing.com/privacy.

3. YouTube

On our website we use, among others, the supplier YouTube for the integration of videos etc. YouTube is operated by YouTube LLC with main headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

On some of our internet pages, we use plug-ins of the supplier YouTube. If you call up the internet pages of our website that have such a plug-in, a connection to the YouTube Servers is produced and, in this way, the plug-in is presented. In this way, information about which of our internet pages you have visited is transmitted to the YouTube server If you are logged into YouTube as a member, YouTube associates this information with your personal user account. In case of using the plug-in such as, for example, clicking on the start button of a video, this information is also associated with your user account. You can prevent this association by logging out of your YouTube user account as well as other user accounts of the companies YouTube LLC and Google Inc. and erasing the corresponding cookies of the companies before using our internet site.

4. Instagram

A button from the Instagram service is integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking on the Instagram button. In this way, Instagram can associate the visit to our pages with your user account. We point out that we, as the supplier of the pages, obtain no knowledge of the content of the transmitted data as well as the use thereof by Instagram.You will find further information about this in the data protection statement of Instagram: https://help.instagram.com/155833707900388

§ 9 Hyperlinks

On our website, there are so-called hyperlinks to websites of other suppliers. Upon clicking on these hyperlinks, you are passed from our website directly onto the website of the other suppliers. You recognise this, among other things, by the change of the URL. We can assume no responsibility for the confidential treatment of your data on these websites of third parties, since we have no influence over whether these companies adhere to data protection provisions. Please learn about the treatment of your personal data by these companies directly on these websites.

§ 10 Rights of affected persons

Pursuant to the GDPR, you have the following rights as a person affected by the processing of personal data:

According to Article 15 GDPR, you can request information about personal data processed by us. In particular, you can request information about the processing purposes, the categories of the personal data, the categories of recipients, to whom your data were or are being disclosed, the planned storage duration, the existence of a right to correction, erasure, limitation of the processing, or objection, the existence of a right of complaint, the origin of your data, if the latter were not acquired from us, concerning the transmission to third party countries or to international organisations as well as concerning the existence of an automated decision-making including profiling and possibly predictive information concerning the details thereof.

According to Article 16 GDPR, you can immediately request the correction, or completion, of your incorrect personal data stored with us.

According to Article 17 GDPR, you can request the erasure of your personal data stored with us, if the processing is not necessary for the exercise of the right to free expression of opinion, for fulfilling a legal obligation, for reasons of public interest, or for assertion, exercise, or defence of legal claims.

According to Article 18 GDPR, you can request the limitation of the processing of your personal data, if you contest the correctness of the data, the processing is illegal, we no longer need the data, and you deny the erasure thereof because you need these for assertion, exercise, or defence of legal claims. The right pursuant to Article 18 GDPR is also available to you if you have lodged an objection to the processing according to Article 21 GDPR.

According to Article 20 GDPR, you can request to obtain your personal data, which you have provided to us, in a structured, regular, and machine-readable format or you can request the transmission to another responsible party.

According to Article 7 paragraph 3 GDPR, you can revoke the consent that you once granted to us at any time. The result of this is that, in the future, we may no longer continue the data processing based on such consent.

According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your work place, or your company headquarters for this.

§ 11 Right to object

In the case of the processing of your personal data on the basis of justified interests according to Article 6, paragraph 1, sentence 1, letter f GDPR you have the right, according to Article 21 GDPR, to lodge an objection against the processing of your personal data, if there are grounds for this, which result from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right to object, which shall be implemented by us without indication of a particular situation.

§ 12 Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent a manipulation or a loss or misuse of your data stored with us, we take extensive technical and organisational security precautions, which are regularly checked and adapted for technological advances. This includes, among other things, the use of recognised encryption methods (SSL or TLS). However, we point out that because of the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions that are not in our area of responsibility. In particular, unencrypted exposed data – e.g. when this takes place via email – can be read by third parties. We have technically no influence on this. It is in the area of responsibility of the user to protect the data made available, by them by means of encryption or in another way, against misuse.

Data Protection Statement of Canyon Bicycles GmbH

Canyon Bicycles GmbH (hereinafter called CANYON) is pleased that you are visiting our website. Data protection and data safety while using our website are very important for us. Therefore, we would like to inform you at this point about which of your personal data we record at the time of your visit to our website and for what purposes these data are used.

Since changes in laws or changes in our internal company processes may make adjustment of this data protection statement necessary, we ask you to read through this data protection statement regularly. The data protection statement can be called up on the data protection navigation area on our website, stored, and printed out at any time.

§ 1 Responsible party and scope of validity

The responsible party in the sense of the EU General Data Protection Regulation (hereinafter GDPR) and other national data protection laws of the member states as well as other legal data protection specifications is:

This data protection statement is valid for the internet offer of Canyon Bicycles GmbH, which can be found at the domain www.canyon.com as well as the different subdomains (hereinafter called “our website”).

§ 3 Data processing principles

All items of information that refer to an identified or identifiable natural person are personal data. For example, this includes information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address or the user behaviour. Information, with which we can make no reference (or only with a disproportionately large expense) to your person, e.g. by anonymising the information, is not personal data. The processing of personal data (for example, collecting, questioning, using, storing, or transmitting) always requires a legal basis or your consent. Processed personal data are erased as soon as the purpose of the processing has been achieved and legally stipulated retention obligations are no longer in effect.

If we process your personal data for preparing specific offers, we will subsequently inform you concerning the specific procedures, the scope, and the purpose of the data processing, the legal basis for the processing and the respective storage duration.

§ 4 Individual processing procedures

1. Preparing and using the website

a. Type and scope of the data processing

In the case of calling up and using our website, we collect the personal data automatically, which your browser transmits to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following data, which are technically necessary for us, in order to display our website to you and to assure the stability and reliability.

IP address of the requesting computer,

Date and time of the access,

Name and URL of the requested file,

Website, from which the access takes place (referrer URL),

Browser used, terminal used, and, if appropriate, the operating system as well as the name of your access provider

b. Legal basis

Article 6, paragraph 1, letter 1 GDPR serves as the legal basis for the specified data processing. The processing of the specified data is necessary for preparing a website and thus serves for supporting a justified interest of our company.

c. Storage duration

As soon as the specified data are no longer necessary for displaying the website, they are erased. The recording of the data for preparing the website and the storage of the data in logfiles is absolutely required for the operation of the internet page. Consequently, there is no possibility of objection on the part of the user. Further storage can take place in individual cases, if this is legally stipulated.

2. Goods purchase

a. Type and scope of the data processing

On our internet page, we offer users the possibility of purchasing goods with the specification of personal data, The data required for this are input into an input mask and transmitted to us and stored. Transfer of the data to third parties does not take place. The following data are collected within the framework of the ordering procedure:

Salutation

Name

Address

Telephone number

Email address

Payment information

Type of shipping

Your data are transferred to the shipping company in charge of the delivery, in so far as this is necessary for delivery of the goods. For transacting payments, we transfer your payment data to the financial institution entrusted with the payment. That company may only use your data for contract settlement and not for other purposes.

If you purchase goods on our internet page and enter your email address at that time, it may be used subsequently by us for sending a newsletter for our own similar goods or services.

b. Legal basis

In processing your personal data (cf. § 4 3. a.) that are required for fulfilling a purchase agreement concluded with us, Art. 6, paragraph 1, letter b GDPR serves as the legal basis. This also applies for processing procedures that are required for carrying out pre-contractual measures.

c. Storage duration

With complete settlement of the agreement and complete purchase price payment, your data are stored for further use and erased after expiry of the legal tax and commercial law retention periods, if you have not expressly agreed to the further use of your data. Further storage can take place in individual cases, if this is legally stipulated.

3. Newsletter

a. Type and scope of the data processing

On our internet page, we offer users the possibility of purchasing goods with the specification of personal data, The data required for this are input into an input mask and transmitted to us and stored. Transfer of the data to third parties does not take place. The following data are collected within the framework of the ordering procedure:

Salutation

Email address

Date of birth

Bicycle category of interest

News category of interest

No transfer of your data to third parties takes place in connection with the sending of the newsletter.

We use the so-called double opt-in method for sending the newsletter, that is, we will send you the newsletter only if you confirm your request beforehand via a confirmation email sent to you for this purpose per link contained therein. Thus, we want to make sure that only you can subscribe to the newsletter yourself as holder of the indicated email address. Your confirmation concerning this must take place soon after receiving the confirmation email, since otherwise your newsletter subscription is automatically erased from our database

b. Legal basis

The processing of your email address, salutation, your date of birth, and the bicycle and news category of interest for you for sending the newsletter is based on Article 6, paragraph 1, letter a GDPR on the consent statement issued by you on the basis of a double opt-in.

c. Storage duration

Your email address is stored as long as you have subscribed to the newsletter. After cancellation of sending the newsletter, your email address is erased. Further storage can take place in individual cases, if this is legally stipulated.

4. Contact form

a. Type and scope of the data processing

On our website we invite you to get in contact with us via a prepared form. Within the framework of the procedure of sending your inquiries via the contact form, reference is made to this data protection statement for obtaining your consent. If you make use of the contact form, the following personal data from you are processed via the contact form.

Name

Email address

The specification of your email address is so that your inquiry can be associated with you and that you can be answered. If the contact form is used, your personal data will not be transferred to third parties.

b. Legal basis

The previously (cf. § 4 5. a.) described data processing for the purpose of making contact takes place according to Article 6, paragraph 1, letter a GDPR on the consent statement voluntarily made by you below:

Consent statement:

With the entry of my data and the confirmation of the “send” button, I declare my consent that my email address and my name will be used for answering my contact inquiry.

I can revoke the consent for the acquisition of the personal data acquired during the request procedure at any time.

c. Storage duration

As soon as the inquiry made by you has been dealt with, and the matter concerned is finally clarified, your personal data processed via the contact form will be erased. Further storage can take place in individual cases, if this is legally stipulated.

§ 5 Transfer of data

We transfer your personal data to third parties only if:

You have granted your express consent for this in accordance with Article 6, paragraph 1, sentence 1, letter a GDPR,

this is legally permissible and required for fulfilling a contractual relationship with you in accordance with Article 6, paragraph 1, sentence 1, letter b GDPR,

if there is a legal obligation for the transfer in accordance with Article 6, paragraph 1, sentence 1, letter c GDPR,

the transfer is required in accordance with Article 6, paragraph 1, sentence 1, letter f GDPR for supporting justified company interests as well as for enforcing, exercising, or defending legal claims and there is no basis for the assumption that you have an overwhelming interest in non-transfer of your data that is worthy of protection.

§ 6 Use of cookies

a. Type and scope of the data processing

We use cookies on our website. Cookies are small files, which are sent by us to the browser of your terminal and stored there within the framework of your visit to our internet pages. Some functions of our internet site cannot be offered without the use of technically necessary cookies. Other cookies allow us to perform different analyses. For example, cookies are capable of re-recognising the browser used by you in case of another visit to our website and to transmit different information to us. By means of cookies we can, among other things, configure our internet offering for you in a more user-friendly and effective way, for example, by understanding your use of our website and determining your preferred settings (for example, country and language settings). Insofar as third parties process information via cookies, they acquire the information directly via your browser. Cookies cause no damage to your terminal. They cannot execute any programs and contain no viruses.

Different kinds of cookies are used on our website, the kind and function of which will be explained in detail below.

Type:

Transient cookies, which are automatically erased as soon as you close your browser, are used on our website. This kind of cookies makes it possible to determine your session ID. In this way, different requests from your browser can be associated with a common session and it is possible for us to re-recognise your terminal at the time of later website visits.

In addition, persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and transmit information to us. The respective storage duration differs from cookie to cookie. You can erase persistent cookies independently via your browser settings.

Function:

Required cookies

These cookies are necessary for technical reasons so that you can visit our website and use functions that we offer. For example, this refers to the following applications: Ordering procedure, payment procedure

Moreover, these cookies contribute to a safer use of the website in according with regulations.

Performance-related cookies

By means of these cookies, it is possible for us to perform an analysis of website use and to improve performance and functionality of our website. For example, they are used to obtain information about how our website is used by visitors, what pages are called up most often or if error messages are displayed on specific pages.

Cookies for marketing and social media

Advertising cookies (of third party suppliers) make it possible to display to you different offers that correspond to your interests. Among other things, the web activities of the users over a long period of time can be determined via these cookies. The cookies possibly recognise you on different terminals that you use.

Furthermore, specific cookies make it possible to build a connection to your social networks and to share content of our website within your networks.

b. Legal basis

Based on the described purposes of use (cf. § 6. a.), the legal basis for the processing of personal data with the use of cookies is in Article 6, paragraph 1, letter f GDPR. If you have granted us your consent for the use of cookies based on information (cookie banner) granted by us on the website, the legality of the use is also guided by Article 6, paragraph 1, letter f GDPR.

c. Storage duration

As soon as the data transmitted to us via cookies for achieving the purposes described above are no longer necessary, this information is erased. Further storage can take place in individual cases, if this is legally stipulated.

d. Configuration of the browser settings

Most browsers are preadjusted so that they accept cookies as a standard procedure. However, you can configure your respective browser so that it only accepts certain cookies or even no longer accepts cookies. However, we inform you that you possibly can no longer use all functions of our website if cookies are deactivated by your browser settings on our website. You can also erase cookies already stored in your browser via your browser settings. Furthermore, it is also possible to adjust your browser so that it informs you before cookies are stored. Since the different browsers can differ in their respective modes of functioning, please take advantage of the respective help menu of your browser for the configuration possibilities. If you wish to have a comprehensive overview of all access by third parties to your internet browser, we recommend that you install plug-ins specially developed for this.

§ 7 Tracking and analysis tools

We use tracking and analysis tools in order to assure continuous optimisation and demand-oriented configuration of our website. By means of tracking measures it is also possible for us to statistically record the use of our website by visitors and to further develop our online offering for you by means of the knowledge obtained in this way. On the basis of these interests, the use of the tracking and analysis tools described below is authorised according to Article 6, paragraph 1, page 1, letter f GDPR. The respective processing purposes and the processed data can also be found in the following description of the tracking and analysis tools.

1. Google Analytics 360

Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountainview, CA 94043 USA (“Google”) is used on this website. Google Analytics uses so-called “cookies”, text files, which are stored on their computer, and which enable an analysis of your use of the website.

The information generated by these cookies, for example concerning time, place, and frequency of your use of this website, are as a rule transmitted to a server of Google in the USA and stored there. In using Google Analytics, it is not excluded that the cookies set by Google Analytics can also record additional personal data in addition to the IP address. We point out to you that Google possibly will transmit this information to third parties, if this is legally stipulated or insofar as third parties process these data on behalf of Google.

The information generated by cookies is used by Google on behalf of the operator of this website in order to evaluate your use of the website, in order to compile reports concerning the website activities, and to furnish the website operator with further data services connected with the website use and the internet use. The IP address transmitted from your browser within the framework of Google Analytics is not transmitted by Google, according to Google’s own information, along with the other data from Google.

You can generally block storage of cookies by a corresponding setting of your browser software; however, we inform you that in this case you may not be able to use all functions of this website in their full scope.

It is not excluded that the cookies set by Google Analytics can record additional personal data in addition to the IP address. In order to prevent information concerning your use of the website from being recorded by Google Analytics and transmitted to Google Analytics, you can download and install a plug-in for your browser under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.This plug-in prevents information concerning your visit to the website from being transmitted to Google Analytics. Another analysis is not prevented by this plug-in.

We inform you that you cannot use the browser plug-in described above in case of a visit to our website via the browser of a mobile device (smartphone or tablet). In case of using a mobile device, you can prevent the recording of your use data by Google Analytics by clicking on the following link: Deactivate Google Analytics.By clicking on this link, a so-called opt-out cookie is set in your browser. This prevents information concerning your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is valid only for this browser and only for this domain. If you erase the cookies in this browser, the opt-out cookie also is erased. Furthermore, in order to prevent the recording by Google Analytics, you must click on the link again. The use of the opt-out cookie is also possible as an alternative to the above plug-in in the case of using the browser on your computer.

In order to provide the best possible protection of your personal data, Google Analytics was expanded on this website by the code “anonymizeIP”. This code causes the last 8 bits of the IP address to be erased and thus your IP address is recorded anonymised (so-called IP masking). In this way, your IP address is basically shortened and thus anonymised by Google already before the transmission within member states of the European Union or in other contracting countries of the Agreement concerning the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a server by Google in the USA and shortened there.

2. Google AdWords

We use the “Google AdWords” technology and, in this case, especially the conversion tracking. Google Conversion Tracking is an analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you click on a display placed by Google, a cookie for the conversion tracking is stored on your PC. The cookies have a validity of 30 days and do not serve for personal identification. If you visit certain pages of our website, and if the cookie has not yet expired, Google and we can detect that you have clicked on a specific display and were passed on to this page. In each case, Google AdWords customers obtain another cookie. Thus, it is not possible to track cookies via the websites of AdWords customers.

The data obtained by means of the conversion cookie serve for creating conversion statistics for AdWords customers that use the conversion tracking. In this way the customers obtain the number of users that have clicked on their display and thereupon were passed on to a page provided with a conversion tracking tag. Of course, they obtain no information, with which the user can be personally identified.

If you do not want to participate in the conversion tracking, you can prevent this by a corresponding setting in your browser, e.g. in the form that an installation of cookies is generally prevented. You can also deactivate cookies for the conversion tracking by setting your browser so that only cookies from the web address “googleadcervices.com” are blocked.

3. Google Remarketing

We use the “Google Remarketing” technology of the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Remarketing places displays for users that have already visited out web pages and online services and have been interested in a specific offer. Within the Google advertising network, it is possible to place targeted and interest-based advertising displays on our page in this way. Google Remarketing uses cookies for this analysis. In this way our visitors can be recognised again as soon as they call up web pages within the Google advertising network. Within the Google advertising network, it is possible to place targeted and interest-based advertising displays that are based on the web pages of the Google advertising network (which also use Google’s remarketing function) previously visited by the visitor.

If you do not want to have targeted, interest-based advertising displayed, you can deactivate the use of cookies by Google for these purposes via the link: https://www.google.de/settings/ads.

After clicking on a social plug-in, the respective service supplier obtains the information that you have visited the corresponding page of our online offer. Please note, that for this you do not have to have a user account with the service concerned or that you are already logged in there. Of course, if you already have a user account with the service supplier concerned and are already logged in this account during the visit to our website, the data acquired by the social plug-in are directly associated with your account. If you do not want the association of your profile with the data supplier, you must log out from your user account before clicking on one of the social plug-ins.

Note that CANYON has no influence if and to what extent the respective service suppliers acquire personal data. Extent, purpose, and storage periods of the respective data collection are unknown to us. Of course, we inform you that it must be assumed that at least the IP address and device-related information are used and recorded via social plug-ins. It is also possible that the respective data suppliers use cookies.

Please obtain the data protection information directly from the website of the respective service concerning the extent and purpose of the data collection by the respective service as well as the further processing and use of your data. There, you will obtain further information concerning your corresponding data protection rights and settings possibilities for protection of your privacy.

2. Xing

A button of the “Xing” network is used on our website. By clicking on this button, a connection to the servers of XING AG (hereinafter “XING”) , with which the “XING button” functions are produced, is established via your browser for the short term. XING stores no personal data from you via calling up of this internet page. In particular, XING stores no IP addresses. Also, no evaluation of your usage behaviour takes place via the use of cookies in connection with the “XING share button”. You can find the respectively current data protection information and supplementary information on this internet page:https://www.xing.com/app/share?op=data_protection and http://www.xing.com/privacy.

3. YouTube

On our website we use, among others, the supplier YouTube for the integration of videos etc. YouTube is operated by YouTube LLC with main headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

On some of our internet pages, we use plug-ins of the supplier YouTube. If you call up the internet pages of our website that have such a plug-in, a connection to the YouTube Servers is produced and, in this way, the plug-in is presented. In this way, information about which of our internet pages you have visited is transmitted to the YouTube server If you are logged into YouTube as a member, YouTube associates this information with your personal user account. In case of using the plug-in such as, for example, clicking on the start button of a video, this information is also associated with your user account. You can prevent this association by logging out of your YouTube user account as well as other user accounts of the companies YouTube LLC and Google Inc. and erasing the corresponding cookies of the companies before using our internet site.

4. Instagram

A button from the Instagram service is integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking on the Instagram button. In this way, Instagram can associate the visit to our pages with your user account. We point out that we, as the supplier of the pages, obtain no knowledge of the content of the transmitted data as well as the use thereof by Instagram.You will find further information about this in the data protection statement of Instagram: https://help.instagram.com/155833707900388

§ 9 Hyperlinks

On our website, there are so-called hyperlinks to websites of other suppliers. Upon clicking on these hyperlinks, you are passed from our website directly onto the website of the other suppliers. You recognise this, among other things, by the change of the URL. We can assume no responsibility for the confidential treatment of your data on these websites of third parties, since we have no influence over whether these companies adhere to data protection provisions. Please learn about the treatment of your personal data by these companies directly on these websites.

§ 10 Rights of affected persons

Pursuant to the GDPR, you have the following rights as a person affected by the processing of personal data:

According to Article 15 GDPR, you can request information about personal data processed by us. In particular, you can request information about the processing purposes, the categories of the personal data, the categories of recipients, to whom your data were or are being disclosed, the planned storage duration, the existence of a right to correction, erasure, limitation of the processing, or objection, the existence of a right of complaint, the origin of your data, if the latter were not acquired from us, concerning the transmission to third party countries or to international organisations as well as concerning the existence of an automated decision-making including profiling and possibly predictive information concerning the details thereof.

According to Article 16 GDPR, you can immediately request the correction, or completion, of your incorrect personal data stored with us.

According to Article 17 GDPR, you can request the erasure of your personal data stored with us, if the processing is not necessary for the exercise of the right to free expression of opinion, for fulfilling a legal obligation, for reasons of public interest, or for assertion, exercise, or defence of legal claims.

According to Article 18 GDPR, you can request the limitation of the processing of your personal data, if you contest the correctness of the data, the processing is illegal, we no longer need the data, and you deny the erasure thereof because you need these for assertion, exercise, or defence of legal claims. The right pursuant to Article 18 GDPR is also available to you if you have lodged an objection to the processing according to Article 21 GDPR.

According to Article 20 GDPR, you can request to obtain your personal data, which you have provided to us, in a structured, regular, and machine-readable format or you can request the transmission to another responsible party.

According to Article 7 paragraph 3 GDPR, you can revoke the consent that you once granted to us at any time. The result of this is that, in the future, we may no longer continue the data processing based on such consent.

According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your work place, or your company headquarters for this.

§ 11 Right to object

In the case of the processing of your personal data on the basis of justified interests according to Article 6, paragraph 1, sentence 1, letter f GDPR you have the right, according to Article 21 GDPR, to lodge an objection against the processing of your personal data, if there are grounds for this, which result from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right to object, which shall be implemented by us without indication of a particular situation.

§ 12 Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent a manipulation or a loss or misuse of your data stored with us, we take extensive technical and organisational security precautions, which are regularly checked and adapted for technological advances. This includes, among other things, the use of recognised encryption methods (SSL or TLS). However, we point out that because of the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions that are not in our area of responsibility. In particular, unencrypted exposed data – e.g. when this takes place via email – can be read by third parties. We have technically no influence on this. It is in the area of responsibility of the user to protect the data made available, by them by means of encryption or in another way, against misuse.